Re: [webauthn] Use fully-specified COSEAlgorithmIdentifiers in examples and recommendations (#2283)

Hm, maybe I should also include client implementers in the breakdown :slightly_smiling_face: 

- Current client implementations whose [`getPublicKey()`](https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-getpublickey) supports only the old IDs will continue to work with current RP/authenticator implementations using the old IDs.
- New RP implementations requesting the new IDs will not be able to use `getPublicKey()` for new IDs in clients that do not support them, but that is to be expected when using new features.
  - Consequently, RPs are incentivized to either not use `getPublicKey()` or to continue using the old IDs if they need to use `getPublicKey()`.
  - Consequently, current client implementations do not need to update (even in new versions) to support the new IDs in `getPublicKey()`. (Unless we [make that mandatory in L4](https://github.com/w3c/webauthn/pull/2276), of course.)

Or is this outlook too naive?

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/2283#issuecomment-2894326444 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 20 May 2025 13:02:50 UTC
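
An added example, not part of the comment or of the WebAuthn specification text: an RP-side sketch of the compatibility behaviour described in the bullets above, where `getPublicKey()` may return `null` for an algorithm ID the client does not support. The function names are hypothetical, and the numeric COSE IDs are assumptions not stated in the comment (old: -7 ES256, -8 EdDSA; new: -9 ESP256, -19 Ed25519).

```javascript
// Added example. Function names are hypothetical. Assumed COSE IDs (not listed
// in the comment): old -7 (ES256), -8 (EdDSA); new -9 (ESP256), -19 (Ed25519).
const OLD_IDS = [-7, -8];
const NEW_IDS = [-9, -19];

// An RP that depends on getPublicKey() keeps requesting only the old IDs;
// an RP that parses the attestation object itself can prefer the new ones.
function buildPubKeyCredParams({ needsGetPublicKey }) {
  const algs = needsGetPublicKey ? OLD_IDS : [...NEW_IDS, ...OLD_IDS];
  return algs.map((alg) => ({ type: "public-key", alg }));
}

// Handle an AuthenticatorAttestationResponse without assuming the client
// understands the algorithm the authenticator picked.
function extractRegistration(response, requestedParams) {
  const alg = response.getPublicKeyAlgorithm();
  // Reject a credential whose algorithm the RP never asked for.
  if (!requestedParams.some((p) => p.alg === alg)) {
    throw new Error(`unrequested COSE algorithm ${alg}`);
  }
  const spki = response.getPublicKey(); // null when the client cannot convert the key
  if (spki !== null) {
    return { alg, source: "getPublicKey", publicKey: spki };
  }
  // Fallback: send the raw attestation object so the server decodes the COSE key.
  return { alg, source: "attestationObject", attestationObject: response.attestationObject };
}

// Constructed stand-in for a client whose getPublicKey() supports only the old IDs.
function mockOldClientResponse(alg) {
  return {
    attestationObject: new Uint8Array([0xa3]).buffer, // placeholder bytes, not a real object
    getPublicKeyAlgorithm: () => alg,
    getPublicKey: () => (OLD_IDS.includes(alg) ? new Uint8Array([0x30]).buffer : null),
  };
}
```

The algorithm allow-list check shown here runs in the browser, so the server must repeat it against the algorithm in the credential public key it actually decodes.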